WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




PCT 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 6: H04K 1/00, H04L 9/00, 17/02, G06F 1/00, G07F 7/10

A1



(11) International Publication Number: WO 98/40983 

(43) International Publication Date: 17 September 1998 (17.09.98) 



(21) International Application Number: PCT/US98/05004 

(22) International Filing Date: 13 March 1998 (13.03.98) 



(30) Priority Data: 08/814,986, 14 March 1997 (14.03.97), US



(71) Applicant: INNOVONICS, INC. [US/US]; 21644 North Ninth 

Avenue, Phoenix, AZ 85027 (US). 

(72) Inventor: CLARK, Dercck, B.; 3642 West Camino Real, 

Glendale, AZ 85310 (US). 

(74) Agent: POTE, Daniel, R.; Snell & Wilmer LLP., One Arizona 
Center, 400 E. Van Buren, Phoenix, AZ 85004-0001 (US). 



(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR,
BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GE,
GH, GM, GW, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ,
LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW,
MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ,
TM, TO, TT, UA, UG, UZ, VN, YU, ZW, ARIPO patent
(GH, GM, KE, LS, MW, SD, SZ, UG, ZW), Eurasian patent
(AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent
(AT, BE, CH, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU,
MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM,
GA, GN, ML, MR, NE, SN, TD, TG).



Published 

With international search report. 

Before the expiration of the time limit for amending the 
claims and to be republished in the event of the receipt of 
amendments. 



(54) Title: METHODS AND APPARATUS FOR SECURELY ENCRYPTING DATA IN CONJUNCTION WITH A PERSONAL 
COMPUTER 







(57) Abstract 

An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal 
computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter 
his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted 
fashion, and need not reside on the PC hard drive in an unencrypted form. 






WO 98/40983 PCT/US98/05004 



METHODS AND APPARATUS FOR
SECURELY ENCRYPTING DATA
IN CONJUNCTION WITH A PERSONAL COMPUTER



Technical Field

The present invention relates, generally, to methods and apparatus for 
encrypting and manipulating confidential data and, more particularly, to techniques 
for transmitting encrypted data to a host computer from a remote personal computer. 

Background Art and Technical Problems 

Systems for performing financial transactions from a remote location, e.g., the
home, office, or retail facility, are becoming increasingly popular. The proliferation
of personal computers, and particularly in conjunction with modems, permits a
consumer to effect bill paying, retail purchasing, banking, and other commercial
transactions remotely, thus avoiding the need to travel to attend to routine commercial
matters.

Presently known systems typically comprise a host computer located at a central
data processing site, which is configured to communicate with a large number of
remote personal computers (PC). When an individual desires to effect a financial
transaction, for example to order merchandise and pay for the merchandise or services
via a credit account, debit account, digital "coins" or the like, the user constructs a
data link between his PC and the host computer via the PC's modem. Upon ordering
the appropriate merchandise, the user may enter an account (e.g., credit card) number
corresponding to the account to which the merchandise is to be charged. The
purchase request is then transmitted from the PC to the host computer, whereupon the
transaction is verified by the host computer.

Presently known systems are limited, for example, in their ability to effect the
real time transfers of funds, due to various problems associated with the transmission
of encrypted data. More particularly, real time transfers of funds are typically effected
through the use of an automatic teller machine (ATM). In a typical ATM transaction,
the user enters an account number onto a keypad or, alternatively, inserts a bank card
into the ATM whereupon the account information is "read" from the magnetic strip
located on the back of the bank card. Thereafter, the user enters a personal
identification number (PIN) into the keypad to enable the transaction. By properly
entering the PIN associated with the bank card, the fraudulent use of such cards is
greatly reduced. The extension of the aforementioned ATM paradigm to home use is
problematic, however, in that presently known systems for transmitting encrypted data
(e.g., PINs) are unsatisfactory.

More particularly, although techniques for encrypting PINs and other
confidential data and information are generally well known, current banking and other
financial industry regulations are calculated to limit the extent to which confidential
data may be transmitted in a non-encrypted form. In the context of a PC used to
remotely effect a commercial transaction, it is possible to encrypt the confidential data
at the PC and thereafter transmit the encrypted data to the host computer. However,
presently known systems generally require that the confidential data (e.g., PIN) be
entered into the computer via the keyboard associated with the PC, whereupon the
PC's processor controls the encryption process. Thus, the data is essentially
transmitted from the keyboard to the PC mother board over the physical wires
connecting the keyboard to the PC box. Thereafter, the unencrypted data, i.e., prior to
completing the encrypting process, necessarily resides on the mother board, for
example prior to and during the encryption process. It is believed that sophisticated
electronic "listening" devices could thus be employed to detect the confidential data
between the time it is entered into the keyboard by the user and the time at which
encryption is complete.

A system is thus needed which overcomes the shortcomings of the prior art. 

Summary of the Invention

The present invention provides methods and apparatus for transmitting 
encrypted data which overcomes the shortcomings of the prior art. 

In accordance with one aspect of the present invention, a system for transmitting
encrypted data comprises a host computer connected to a remote data processing
device (e.g., a desktop-type PC, laptop computer, or the like) which includes a
keyboard or other suitable mechanism for entering confidential data into the remote
device. In accordance with a first embodiment of the invention, the remote processing
device comprises a laptop PC having an integral alphanumeric keyboard, with an
encryption module connected to the PS/2 port of the laptop. In accordance with this
first embodiment, the encryption module comprises a keypad or other data capture
device which permits the user to directly enter confidential data (e.g., PIN) into the
encryption module. The encryption module thereafter encrypts the confidential data
and transmits the encrypted data to the laptop PC, whereupon the encrypted data may
be transmitted to the host computer via modem. In this way, the data need not reside
in the PC in an unencrypted form; moreover, the data is transmitted from the
encryption module to the laptop in an encrypted form, thereby reducing the risk that
electronic "listening" devices may intercept the unencrypted data.

In accordance with a second embodiment of the present invention, the
encryption circuitry is integrated into a keyboard, mouse, or other peripheral
associated with a desktop, laptop, or other PC, such that confidential data may be
encrypted in the peripheral device itself, whereupon the confidential data is
transmitted to the PC and manipulated by the PC in an encrypted form.

In accordance with a third embodiment of the present invention, a self-contained,
stand-alone transaction module comprises a processor having an integral
data acquisition module (e.g., keypad) associated therewith, such that confidential
data may be entered into the keypad and encrypted within a single, integral unit, thus
avoiding the need for transmission wires between a remote keypad and the encryption
processing circuitry.

In accordance with a further aspect of the invention, the encryption module may
be configured to transmit and/or receive confidential data to and/or from a remote
computer in addition to the PC. The encryption module may also be equipped with
various peripheral devices useful in entering data and information, for example
magnetic head card readers, "smart card" or integrated circuit card (ICC) readers, bar
code readers, voice recognition devices, scanners, and the like. In this way,
confidential data in virtually any medium may be captured by the encryption module
and encrypted prior to transmission to the PC and/or subsequent processing, such
that the potential for the unauthorized detection of the unencrypted data is minimized.

Brief Description of the Drawing Figures

The present invention will hereinafter be described in conjunction with the
appended drawing figures, wherein like numerals designate like elements, and

Figure 1 is a schematic block diagram of a transaction authorization system in
accordance with the present invention;

Figure 2 is a front elevation view of a PC having an encryption module
integrated therewith;

Figure 3 is a schematic block diagram of an integral encryption module;

Figures 4 and 6-10 are flow charts setting forth the operation of an exemplary
application program executed by the PC of Figure 2 in accordance with the present
invention;

Figure 5 is a display of various icons useful in conjunction with the software
shown in Figure 4;

Figure 11 is an alternate embodiment of the encryption module shown in
Figure 2;

Figure 12 is a schematic block diagram of the functional aspects of the
encryption module of Figure 2;

Figure 13 is a schematic circuit diagram of the processor embodied in the
encryption module of Figure 2;

Figure 14 is a schematic circuit diagram of the keypad shown in Figure 2;

Figure 15 is a schematic circuit diagram of an analog switch used in the
encryption module of the present invention;

Figures 16 and 17 are schematic circuit diagrams of a magnetic strip reader
circuit;

Figures 18-20 are schematic memory maps of various memory sectors
associated with the processor of Figure 13;

Figures 21-36 are flow chart diagrams setting forth various functional features
of the encryption module of the present invention; and

Figures 37-39 are block diagram schematic drawings of various embodiments
of the present invention.

Detailed Description of Preferred Exemplary Embodiments

Referring now to Figure 1, a remote transaction system 100 suitably comprises
a host computer system 102 which may be interfaced with one or more transaction
networks, for example a bill paying network 104, a banking system network 106, and
various other network systems 108, for example state lottery purchase networks, retail
shopping purchase networks, mail order purchase networks, and the like. Remote
transaction system 100 further comprises a plurality of remote data processing
terminals 110a-110n, for example a PC of the type typically used by a home
consumer. Remote transaction system 100 may also comprise various diagnostic and
maintenance apparatus, for example a network transmit test system 112 and a network
transmit receive system 114 suitably utilized to periodically test the performance of
host computer system 102, and an audit system 116 which permits the operator of
system 100 to periodically audit the data and information resident within host
computer 102.

As discussed in greater detail below, various networks 104-108 are suitably
operated by independent entities which desire to conduct business and/or other
transactions with various consumers through host computer 102, for example wherein
each of respective PCs 110A-110N are conveniently disposed within a consumer's
home, office, retail outlet, and the like.

In accordance with a preferred embodiment of the present invention, data,
including confidential data, may be entered into one of respective PCs 110, and
encrypted as discussed in greater detail below, the encrypted data thereafter being
transmitted from the PC to host computer 102 along a suitable data link 118. In
accordance with one aspect of the invention, data link 118 may comprise a
transmission wire (e.g., a telephone line, fiber optic cable, or the like) or alternatively
may comprise a wireless link, for example microwave, radio frequency (RF) or other
suitable data transmission medium.

Referring now to Figure 2, in accordance with a preferred embodiment of the
present invention, an exemplary PC 110 suitably comprises a screen 202, a box 204
for housing, inter alia, the computing circuitry associated with PC 110, a keyboard
206 connected to box 204 via a connector 210, and a mouse 208 useful in executing
interactive programs. In a first preferred embodiment of the present invention, an
encryption module 214 may be conveniently interposed between keyboard 206 and
box 204, for example in series with connector 210. In the illustrated embodiment,
module 214 suitably comprises a module connector 212 configured to permit easy
installation of module 214. More particularly, a distal end 216 of connector 210 is
normally plugged into a mating connector (not shown) on box 204 during normal
operation of the PC. When it is desired to install module 214, connector end 216 may
simply be detached from box 204, and a distal end 218 of connector 212 connected to
box 204 at the same site; connector end 216 of connector 210 is suitably connected to
module 214, for example in much the same manner as distal end 216 would otherwise
be connected to box 204. In this way, module 214 may be conveniently interposed
between keyboard 206 and box 204 without opening box 204, a procedure not readily
acceptable to most computer users.

In an alternate embodiment of the subject invention, the encryption circuitry and
various of the peripheral devices discussed herein associated with module 214 may be
conveniently incorporated into keyboard 206 during manufacture or retrofit, thus
avoiding the need for at least the keypad portion of module 214.

With momentary reference to Figure 3, yet a further alternative embodiment
suitably comprises a self contained, integral module 300 including a screen 306, a
computer 304, a keyboard 302, a modem connection 308, and an accessory connector
310 for interfacing module 300 with various preferred devices, for example bar code
readers, smart card readers, magnetic strip readers and the like. In accordance with
the embodiment in Figure 3, only those components necessary to effect the specific
functions discussed need be incorporated into module 300, resulting in substantial cost
savings over the PC embodiment shown in Figure 2. However, it will be appreciated
that, for those consumers who already own a PC, the embodiment illustrated in
Figure 2 may be preferable inasmuch as a conventional PC may be readily adapted in
accordance with the present invention by incorporating module 214 into PC 110.

Referring now to Figures 4-10, an exemplary remote transaction application 
program useful in accordance with the present invention will now be described. 

With particular reference to Figure 4, a suitable application program may be
executed using a (WINDOWS) format which presents the user with various menu
selections. Those skilled in the art will appreciate that the user may select various
options using keyboard 206 or mouse 208 (see Figure 2) as is known in the art.
Although the subject application program is described herein in the context of the
WINDOWS embodiment, it will be appreciated that the subject invention may be
implemented in the context of any convenient applications environment.

With continued reference to Figure 4, upon activating the WINDOWS
capability of PC 110 (step 402), the user may select one of a plurality of menu options
406-416, for example by double clicking mouse 208 (step 404). More particularly and
with momentary reference to Figure 5, the user may select banking operation 406
corresponding to icon 506, a bill paying operation 408 represented by icon 508, a
neighborhood shopping operation 410 represented by icon 510, a mail ordering
operation 412 represented by icon 512, a state lottery operation 414 represented by
icon 514, a file operation 416 corresponding to icon 516, a PC setup operation 418
corresponding to icon 518, a hardware test operation 420 corresponding to icon 520, a
display time operation 422 corresponding to icon 522, or a tutorial operation 424
represented by icon 524. Although the illustrated icons shown in Figure 5 are useful
in the context of the illustrated embodiment, it will be appreciated that any suitable
icon or other mechanism for selecting various program options may be employed in
the context of the present invention. Moreover, the menu options set forth in Figures
4 and 5 are merely exemplary; various combinations of the menu options shown in
the Figures, alone or in combination with other menu options not set forth herein, may
also be employed in the context of the present invention.

With continued reference to Figure 4, tutorial operation 424 suitably entails an
explanation of the various menu options and an explanation of how to use the options.
Display time option 422 suitably displays the system time in any desired format.
Hardware test operation 420 is suitably configured to allow the user to verify the
integrity of various hardware components and preferable devices useful in the context
of the present invention.

Setup operation 418 suitably permits the user to configure various parameters
associated with the operation of the system and methods discussed herein.

File operation 416 suitably allows the user to manipulate various data structures
useful in the context of the present invention.

Lottery operation 414 may be configured to permit the user to purchase lottery
tickets, for example via modem, from his state of residence or from any other state or
municipality, depending on the regulation governing the sale of such tickets.

Mail ordering operation 412 suitably entails procedures for ordering
merchandise from PC 110, for example from a mail order catalog. In this regard,
module 214 (see Figure 2) or, alternatively, box 204 may be suitably equipped with a
bar code reader so that merchandise may be automatically selected by scanning the bar
code associated with the merchandise. The same bar code technique may also be
employed in the context of shopping operation 410, which suitably entails procedures
for permitting a user to order various products (e.g., grocery products) by entering the
ordered item into PC 110.

In accordance with the further aspect of the invention, neighborhood shopping 
operation 410 may be further implemented with the use of a bar code reader in the 
following manner. 

Various consumer products are typically equipped with a UPC label, bar code,
or other indicia representing the particular product. A bar code reader assembly (not
shown), for example a hand held wand, may be suitably used by the consumer to enter
into a memory array associated with the bar code reader products which the consumer
desires to purchase, for example from a grocery store. After accumulating products
which the consumer desires to purchase for a period of time, the product digit stored
in the bar code reader memory may be "dumped" into an appropriate memory location
in PC 110 during the operation of, for example, shopping operation 410. In this way,
the consumer may select the products to be purchased over a period of time,
analogous to constructing a grocery list. When it is desired to purchase the items,
indicia of the accumulated list may be transmitted via data link 118 (see Figure 1) to
host computer 102 whereupon a grocery network 108 retrieves the data and assembles
the groceries for the consumer. If desired, the grocery store cooperating with grocery
network 108 may deliver the grocery items to the consumer's residence, with the
groceries being paid for in accordance with, inter alia, the principles set forth in bill
paying operation 408 or banking operation 406 as described in greater detail below.

Referring now to Figures 4 and 6, banking operation 406 suitably permits the
user to select one or more banking options, for example a funds transfer operation
602, an account inquiry operation 604, or a smart card funds transfer 606. In
addition, banking operation 406 may also permit the user to exit to the main menu 400
(step 608).

Referring now to Figures 6 and 7, funds transfer operation 602 suitably entails
a selection of a particular bank account (step 610), for example a savings account,
checking account, money market account and the like. When the account which the
user desires to debit is selected, the system suitably prompts the user to enter an
amount which is to be transferred or paid (step 702), for example by entering an
amount into PC 110 via keyboard 206 (step 704). If no amount is entered after a
predetermined time or if an incorrect amount (e.g., "zero", a negative amount, or an
amount which exceeds the predetermined threshold) is entered, the system may resume
its previous processing path (step 706). If a correct amount of funds to be paid or
transferred is entered by the user, the user may be suitably prompted to select the
method of payment (step 708), whereupon a transaction request is suitably transmitted
from PC 110 to module 214 (step 710), as discussed in greater detail below.

In accordance with one aspect of the present invention, it may be desirable to
permit particular transactions, e.g., transactions involving the transfer of money, only
upon the satisfaction of certain threshold conditions. For example, it may be desirable
to permit a funds transfer only if a receipt evidencing the transaction may be printed at
a printer which is located proximate PC 110.

More particularly and with continued reference to Figure 7, the system may be
suitably configured to confirm: (1) whether PC 110 is equipped with or otherwise has
access to a local printer; and (2) that the aforementioned printer is equipped with
paper upon which a receipt may be printed (step 712).

If PC 110 either does not have a printer associated with it or if it has a printer
but the printer is out of paper, the system may prompt the user to install an appropriate
printer and/or paper (step 714), whereupon the system again checks to confirm the
presence of a functional printer (step 718). If a functional printer still is not detected,
an appropriate error message is generated.

If it is determined that PC 110 has a functioning printer associated therewith,
PC 110 is suitably configured to transmit a command to module 214 which causes
module 214 to enter a "swipe" mode of operation (step 716), discussed in greater
detail below in conjunction with Figures 27 and 28. The user may thereafter enter
the appropriate account data, for example by swiping a transaction card through a
magnetic card reader, entering a smart card into a smart card reader associated with
PC 110, entering account data via keyboard 206, or any other convenient mechanism
for entering account data associated with PC 110 or module 214 (step 720).

Referring now to Figure 8, once the account data is entered, PC 110 may
suitably be configured to display the account data on screen 202 (step 802). If the
particular transaction being performed by the user is of a type which does not require
the transmission of confidential data (e.g., PIN), the account data and the funds
transfer/bill payment data discussed above may be assembled and transmitted to host
computer 102 via data link 118 for processing (step 812). If, on the other hand, the
particular transaction requires the entry of confidential information, the system may be
suitably configured to prompt the user to enter such confidential information (step
804).

More particularly, in order to facilitate the entry, encryption and transmission of
encrypted confidential data, PC 110 may be suitably configured to send a command
signal to module 214 to place module 214 into a "scan" mode (step 806), as discussed
in greater detail below in conjunction with Figures 21 and 25. In accordance with the
embodiment shown in Figure 2, the user may then enter such confidential information
via the keypad associated with module 214 or, in the context of the embodiment shown
in Figure 3, via keypad 302. In the alternate embodiment discussed above wherein
the encryption circuitry and/or software is integrated into keyboard 206, the user may
enter the confidential information directly via keyboard 206. In any event, the manner
in which module 214 (or module 300 in accordance with the embodiment shown in
Figure 3) receives, encrypts, and transmits the encrypted data is discussed more fully
in conjunction with Figures 21-29.

Upon entering all the information necessary to reflect a particular transaction,
the system may suitably prompt the user to determine whether the user desires to enter
another transaction. If so, the system returns to step 702; if no further transactions are
desired, PC 110 suitably packages and transmits the transaction data to host computer
102 via data link 118. In this regard, any suitable mechanism for data transmission
may be employed, for example a modem connected to box 204 or, alternatively, a
modem connected directly to module 214 as discussed in greater detail below (step
812).

Once host 102 has confirmed the transaction (step 814), the printer (not shown)
associated with PC 110 and discussed above suitably prints a transaction record
(receipt) (step 816), and the system again returns to main menu 400 (step 818).
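
The flow of Figures 7 and 8 described above, modelled as an added example (it is not code from the patent): the PC application validates the amount, checks the printer, and commands the module into "swipe" and "scan" modes, and only the module ever handles the clear PIN. Assumptions: a secret key shared by the module and host 102, an HMAC-SHA256 construction standing in for the cipher (this section names no algorithm), the "idle" mode name, all function and class names, and the constructed card number and PIN.

```python
import hashlib
import hmac
import os

IDLE, SWIPE, SCAN = "idle", "swipe", "scan"   # "idle" is an assumed name


def keystream(key, nonce, n):
    """Stand-in cipher (assumption): HMAC-SHA256 as a PRF, one 32-byte block."""
    if n > 32:
        raise ValueError("PIN too long for the one-block stand-in cipher")
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()[:n]


def seal(key, pin):
    """Module side: encrypt then authenticate. Returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pin, keystream(key, nonce, len(pin))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def host_open(key, blob):
    """Host 102 side: verify the tag before decrypting the PIN block."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("PIN block failed authentication")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


class EncryptionModule:
    """Model of module 214: the only component that sees the clear PIN."""

    def __init__(self, key, card_reader, keypad):
        self.key = key                  # assumed: secret shared with host 102
        self.card_reader = card_reader  # callable returning swiped account data
        self.keypad = keypad            # callable returning digits typed on the module
        self.mode = IDLE

    def command(self, mode):
        """PC -> module. The PC can select a mode and nothing else."""
        if mode not in (SWIPE, SCAN):
            raise ValueError("unknown mode: %r" % (mode,))
        self.mode = mode

    def read(self):
        """Module -> PC. Returns the bytes placed on the keyboard cable."""
        mode, self.mode = self.mode, IDLE
        if mode == SWIPE:
            return self.card_reader().encode()       # account data, shown at step 802
        if mode == SCAN:
            return seal(self.key, self.keypad().encode())
        raise RuntimeError("module is idle; no mode was commanded")


def funds_transfer(module, amount_cents, limit_cents, printer_ready, needs_pin=True):
    """PC-side flow. Returns the message for host 102, or None when the
    amount is rejected and the previous processing path resumes (step 706)."""
    if amount_cents <= 0 or amount_cents > limit_cents:      # steps 702-706
        return None
    if not printer_ready:                                    # steps 712-718
        raise RuntimeError("no functional printer; transfer refused")
    module.command(SWIPE)                                    # step 716
    account = module.read().decode()                         # step 720
    message = {"account": account, "amount_cents": amount_cents}
    if needs_pin:                                            # step 804
        module.command(SCAN)                                 # step 806
        message["pin_block"] = module.read()                 # ciphertext only
    return message                                           # sent at step 812


if __name__ == "__main__":
    key = bytes(range(32))                                   # constructed sample key
    module = EncryptionModule(key, lambda: "4000001234567899", lambda: "492913")
    msg = funds_transfer(module, 2500, 100000, printer_ready=True)
    print("PC sends:", msg["account"], msg["amount_cents"], msg["pin_block"].hex())
    print("host recovers PIN:", host_open(key, msg["pin_block"]).decode())
```

The PC-side function never receives the keypad digits as an argument or return value; the only PIN-derived value it can log or store is the sealed block.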

Returning now to Figure 6, if the user desires to inquire as to an account
balance and/or status (step 604), the system may suitably be configured to prompt the
user to select a particular account subject to inquiry (step 612), whereupon the system
suitably returns to step 712 (see Figure 7).

If the user selects smart card fund transfer operation 606, the system may be
suitably configured to prompt the user to insert a smart card into an appropriate smart
card reader module (step 614) (not shown).

More particularly and with reference to Figure 9, those skilled in the art will
appreciate that integrated circuit cards (ICC), also known as smart cards, typically
comprise a microprocessor embedded within the card, as well as an electronic
mechanism for permitting data transfer to and from the card. That being the case,
account information and, indeed, funds may be electronically "added" to or
"subtracted" from the card by making appropriate modification to the data resident on
the card.

With continued reference to Figure 9, if the user desires to add funds to the
smart card (step 902), the system may be suitably configured to effect a process
analogous to that set forth in Figure 7; namely, the user may select an account from
which funds are to be withdrawn and applied to the smart card, as well as the amount
of funds to be so applied. The user may then be prompted to enter the smart card into
a smart card reader/writer module (not shown) affiliated with either PC 110 or module
214 to effect the electronic update of the data resident on the smart card. In addition,
the system may be configured to require a functioning printer as a prerequisite to
effecting the foregoing smart card updating function, as desired.

If, on the other hand, the user desires to "withdraw" funds from the smart card
(step 904), the system may prompt the user to select the destination of the funds
withdrawn from the smart card (step 906), and to request the user to enter a PIN or
other confidential data (step 908). In this regard, the entry of such confidential
information is suitably effected in a manner analogous to that described below in
conjunction with Figures 11, 14, and 25-28. Upon entry of the PIN, the smart card
transaction may be suitably effected via the smart card reader/writer circuit (not
shown) associated with either PC 110 or module 214.
Referring once again to Figure 4, upon the selection of bill paying operation
408, the system may be configured to prompt the user to add a new bill to the bill
paying operation (step 1002). More particularly, the bill paying function of the
subject system suitably entails a method of keeping track of various bills, for example
department store bills, credit card bills, utility bills, and the like in conjunction with
PC 110. If the user desires to add a new billing entity to the billing operation, for
example a new department store charge account, the data corresponding to the new
account may be entered into PC 110 by the user (step 1008), for example via keyboard
206.

The system may be further configured to display various bills comprising billing
operation 408 (step 1004), permitting the user to either exit to the main menu (step
1010) or, alternatively, to select a particular bill for payment (step 1006). Once a
particular bill is selected for payment, the system is suitably configured to effect
payment of the bill in accordance with the steps described in conjunction with Figure
7.

It will be appreciated that at various times during the execution of the foregoing
application program, the users are required to enter various account, PIN, and other
information and/or data into the system, for example via module 214. Thus, in
accordance with one aspect of the present invention, module 214 may be suitably
configured to assume a plurality of different modes, depending on the particular
function then being effected. The circuitry comprising module 214 which permits
module 214 to assume these various operational states will now be described,
followed by a functional description of the various operational modes associated with
module 214.

With momentary reference to Figure 11, module 214 may suitably assume any
desired configuration, for example the sloping, contoured embodiment shown in
Figure 11. In particular, module 214 suitably comprises a housing 1100, for example
an injection molded plastic housing similar to the conventional "mouse" typically
employed in conjunction with personal computers. In accordance with the
embodiment shown in Figure 11, module 214 suitably comprises a keypad 1102, for
example corresponding to the numbers 0-9, and further including, inter alia, various
functions, for example an enter (E) and cancel (C) button. Module 214 further
comprises a card reader slot 1104 configured to receive transaction cards of the type
bearing a magnetic strip, and an ICC (smart card) slot 1106 configured to accept a
smart card and to read and/or write data to/from the smart card.

Referring now to Figure 12, module 214 suitably comprises a keypad circuit
1204 associated with keypad 1102 (Figure 11), a magnetic strip reader circuit 1206
associated with magnetic strip reader 1104, a microcontroller 1212, a modem 1202, a
smart card reader circuit 1208 associated with ICC slot 1106, and a clock/data box
1218 configured to effect communication between microcontroller 1212 and box 204
via connector 212 as well as between the microcontroller and keyboard 206 via
connector 210. In addition, module 214 suitably comprises a control gate 1222 for
selectively establishing communication between module 214 and PC 110.

With continued reference to Figure 12 and further reference to Figure 13,
microprocessor 1212 suitably comprises a model MC68HC11E9 microprocessor
manufactured by Motorola, Inc. Processor 1212 suitably interfaces with a power
circuit 1302 configured to apply 5 volts powered to V^, and an oscillator circuit 1304
configured to apply a predetermined clock pulse to a clock port 1308, for example at a
frequency in the range of 4 MHz to 12 MHz, and most preferably 8 MHz.
Processor 1212 further comprises a reset circuit 1306 configured to selectively apply a
reset signal to a reset port 1310 of processor 1212.

In addition, processor 1212 is suitably equipped with the following input/output
ports which, in the illustrated embodiment, are configured as follows:

Port No.    Function
pa0         card swipe input/output (channel 1)
pa1         card swipe input/output (channel 2)
pa2         modem interrupt
pa3         read/write
pa4         ale
pa5         cs
pa6         output to "system validation" LED
pa7         (smart card) read/write data
pb0         keypad row 1
pb1         keypad row 2
pb2         keypad row 3
pb3         keypad row 4
pb4         buffer enable
pb5         smart card clock
pb6         smart card control
pc0         d0 parallel data interface to modem
pc1         d1 parallel data interface to modem
pc2         d2 parallel data interface to modem
pc3         d3 parallel data interface to modem
pc4         d4 parallel data interface to modem
pc5         d5 parallel data interface to modem
pc6         d6 parallel data interface to modem
pc7         d7 parallel data interface to modem
pd0, pd1    interface to pentec bar code reader data loader
pd2         pc clock
pd3         pc data
pd4         keyboard clock
pd5         keyboard data
pe0         keypad column 1
pe1         keypad column 2
pe2         keypad column 3

Referring now to Figures 12-14, keypad 1102 is suitably connected with the
various ports associated with processor 1212 as set forth in Figure 14.

Referring now to Figures 12-13 and 15, control gate 1222 suitably comprises an
analog switch, for example a model no. 74HC4066 manufactured by Motorola, Inc.
Switch 1222 suitably comprises four internal switches a-d, which are suitably
simultaneously controlled by the output of port pb4, such that internal switches a-d are
either all open or all closed in accordance with the logic value of the output of port
pb4. Generally speaking, in essentially all operational states of module 214, internal
switches a-d will remain open, effectively isolating keyboard 206 from box 204.
During the transparent mode (discussed below), internal switches a-d will typically
remain closed, permitting normal communication between the keyboard and the PC.

With continued reference to Figures 12-13 and 15, the buffer enable signal
from port pb4 of processor 1212 is suitably applied to control gate 1222. In addition,
the keyboard clock and keyboard data signals are transmitted between ports pd4 and
pd5, respectively, of microprocessor 1212 to a databus 1219 extending from switch
1222 to keyboard 206 via connector 210. Similarly, the PC clock and PC data signals
are transmitted between ports pd2 and pd3 of microcontroller 1212 to a databus 1218
extending between control gate 1222 and box 204 (Figure 1) via connector 212.

Referring now to Figures 12, 13 and 16, a first embodiment of magnetic strip
reader circuit 1206 associated with magnetic strip reader 1104 (Figure 11) suitably
comprises a magnetic reader head 1602, for example a 1.6 micro henry inductor coil,
respective first and second amplifiers 1604 and 1606, for example model no. LN4324a
operational amplifiers, respective comparators 1608 and 1610, for example model no.
LM393, and an inverting schmidt trigger 1612, for example part no. 74HC14.

More particularly and with continued reference to Figure 16, a transaction card
of the type bearing a magnetic strip is suitably slid through magnetic strip reader 1104
of module 214 (Figure 11) such that the magnetic strip magnetically engages reader
head 1602. The output of coil 1602 is suitably applied to the inverting input of
amplifier 1606 which suitably exhibits a gain on the order of 20. The output of
amplifier 1604 is suitably applied to the noninverting input of amplifier 1606. The
output of amplifier 1606 is suitably applied to the noninverting input of comparator
1608 and to the inverting input of comparator 1610. By applying a determined
threshold voltage to the inverting input of amplifier 1608, and by also applying a
predetermined threshold voltage to the non-inverting input of amplifier 1610, a series
of logic hi and logic low pulses are applied to the input of schmidt trigger 1612, which
inputs are effectively rectified, squared and sharpened into a binary square wave by
the schmidt trigger/comparator combination. The output of schmidt trigger 1612 is a
function of the output of coil 1602 and corresponds to the data which is magnetically
encoded into the magnetic strip which is drawn through magnetic card reader 1104.
The output of schmidt trigger 1612 corresponds to the channel 1 swipe data applied to
port pa0 of processor 1212.

The magnetic head reader circuit of Figure 16 is particularly useful in the
context of cards bearing magnetic strips which comprise a single "track", or single
column of magnetically encoded information. Alternatively, many magnetic strips of
the type typically found on transaction cards comprise two or more separate magnetic
columns embedded within the magnetic strip. In such cases, it may be desirable to
employ dual magnetic reader coils in the context of card reader slot 1104.

More particularly and referring now to Figure 17, an alternate embodiment of
circuit 1206 suitably comprises respective first and second reader coils 1603a and
1603b which are suitably configured to read the corresponding first and second
magnetic rails (not shown) comprising the dual rail magnetic strip associated with a
transaction card. In the alternative embodiment shown in Figure 17, the circuit
essentially comprises two of the circuits shown in Figure 16 configured to generate
respective outputs 1702 and 1704 which are suitably applied to respective ports pa0
and pa1 of processor 1212.

Referring now to Figures 18-20 and with momentary reference to Figure 12,
microcontroller 1212 suitably comprises a random access memory (RAM) 1802, a
read only memory (ROM) 1902 and an erasable electronically programmable read
only memory (EEPROM) 2002.

More particularly, RAM 1802 suitably comprises, inter alia, respective memory
sectors 1804-1836 corresponding to various addresses in RAM 1802. As discussed
below in conjunction with the operational states of module 214, various
predetermined data are suitably stored and retrieved in data sectors 1804-1836 during
operation of module 214.

With continued reference to Figure 19, the operating code (operational
program) which controls the operation of module 214 is suitably stored in a first
sector 1904 in ROM 1902. Moreover, various interrupt sectors, useful in the
operation of module 214, are suitably stored in a second sector 1906 within ROM
1902.

Referring now to Figure 20, EEPROM memory map 2002 suitably comprises
non-volatile memory for use in storing encryption keys associated with the encryption
algorithm employed in the context of the present invention to encrypt confidential
data. More particularly, EEPROM 2002 suitably comprises a first sector 2004
corresponding to future encryption keys, a second sector 2006 corresponding to the
serial number of the initial encryption key and a third sector 2008 corresponding to an
encryption counter. In accordance with one aspect of the present invention, any
suitable encryption algorithm may be employed by module 214, module 300, or
PC 110 in the context of the present invention which provides adequate security
against unauthorized detection of the underlying confidential data.

Referring now to Figures 21-38, the operation of system 100, and particularly
the operational states of module 214, will now be described.

With particular reference to Figure 21, upon powering up of module 214, a
reset signal is applied to reset port 1310 of processor 1212 (step 2102).

Upon entering the reset condition, system initialization is executed (step 2104).

More particularly and with momentary reference to Figure 22, system
initialization step 2104 suitably entails various initialization steps (2104b), including,
inter alia:

1. Initializing the current mode to transparent mode, for example by setting
current mode register 1804 (see Figure 18) to the transparent mode
condition, as discussed in greater detail below;

2. Initializing previous mode register 1806 to "no mode";

3. Initializing the system interrupts to appropriate trigger characteristics;

4. Enabling interrupts from the PC interface bus (e.g., connector 212); and

5. Initializing the PC interface temporary buffer 1808 to "empty".

The relevance of the foregoing initialization steps is discussed in greater detail below
in conjunction with the ensuing description of the operation of module 214.

Upon completing system initialization, the system enters a system redirect state
(step 2106), whereupon the system then enters the appropriate operational mode; in
the context of system start up, the system will default to transparent mode, as set forth
above in conjunction with system initialization step 2104(b).

More particularly, a preferred embodiment of the present invention employs an
interrupt-based processing scheme within module 214. Thus, as the system flows
through the main operational loop set forth in Figure 21, the system will from time to
time receive interrupts from PC 110. Upon receipt of a "mode change" interrupt
command from PC 110, processor 1212 causes module 214 to terminate the then
current mode, and enter system redirect (step 2106), from which the appropriate new
operational mode may be entered.

From the main control loop governing the operation of module 214 shown in
Figure 21, the system may enter any one of a number of operational states as a result
of a number of predicate instructions. More particularly, the system may enter certain
operational states as controlled by the executable code resident within sector 1904 of
ROM 1902. In addition, the system may enter certain operational states as a result of
commands received from PC 110, as set forth in more detail in conjunction with
Figure 23.

Referring now to Figure 23, PC 110 from time to time sends interrupt
commands to module 214 via connector 212 (step 2302).

Upon receipt of a PC interrupt, the interrupt data packet received from PC 110
is suitably stored in sector 1808 of RAM 1802 (step 2304). The system then
determines if the complete message (interrupt data packet) was received from PC 110;
if not, the system returns to main loop 2100. If a complete message is received at
module 214, the system determines if the data corresponds to a command instruction
or whether the message corresponds to other than a command instruction (step 2308).

If the message corresponds to data other than a command instruction, the
message is suitably stored in data output buffer 1810 of RAM 1802 (step 2310), for
subsequent processing, e.g., modem transmission to host computer 102. Thereafter,
the contents of PC interface temporary buffer 1808 are reset to empty (step 2320),
then the system again returns to its pre-interrupt state (step 2322).

Returning now to step 2308 of Figure 23, if the data received is a command
instruction, the system determines if the command instruction corresponds to a mode
change (step 2312). If not, the data is stored in command register 1812 of RAM 1802
for possible subsequent use within the then current mode (step 2316); the system then
proceeds to step 2320, as described above. If the message received from PC 110
corresponds to a mode change command ("yes" branch from step 2312), the then
current mode is written into previous mode register 1806 (step 2314), and the newly
received mode is written into current mode register 1804 of RAM 1802 (step 2318).
The system then proceeds to step 2320, as described above.

With continued reference to Figure 21, upon receipt of a message from PC 110,
processor 1212 interrogates current mode register 1804 and, in accordance with the
contents of register 1804, enters the appropriate operational mode from main loop
2100. In the context of start up operation, the system is suitably configured to enter
transparent mode (step 2110).

Referring now to Figure 24, transparent mode 2110, just as with various other
operational modes described below, determines whether a subsequent mode change
has been received since entering transparent mode 2110 (step 2402). If a mode
change is received, the system enters the system redirect state (step 2106) (see also
Figure 21) and enters the newly selected mode. If a mode change has not occurred,
processor 2112 interrogates previous mode register 1806 to determine if the previous
mode corresponds to transparent mode (step 2404). If the previous mode corresponds
to transparent mode, the system proceeds to step 2410. If the previous mode was not
transparent mode, the system commands the keyboard to clear its internal buffers and
sets previous mode register 1806 to transparent (step 2408). More particularly, if the
previous mode was not transparent mode, it is possible that spurious keystrokes may
have been entered into keyboard 206, which keyboard data may be stored in buffers
internal to keyboard 206 and not shown in Figure 2. In order to prevent data
corresponding to these spurious keystrokes from being transmitted to PC 110, the
keyboard internal buffers are cleared (step 2408). Thereafter, the system enables the
interface between keyboard 206 and PC 110 (step 2410).

More particularly, and with reference to Figures 12, 13, and 15, step 2410 of
Figure 24 suitably entails processor 1212 generating a buffer enable signal at port
pb4, and transmitting the buffer enable signal to control gate (switch) 1222. In
response, internal switches a-d of switch 1222 are closed, establishing direct
communication between PC 110 and keyboard 206 through connector 212, bus 1218,
switch 1222, bus 1219, and connector 210. Thereafter, the system continues to cycle
through transparent mode 2110, permitting normal operation of keyboard 206 with
respect to PC 110. The system will continue to cycle through transparent mode 2110
until a subsequent message is received from PC 110.
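
The following C model of the Figure 23 interrupt handler and the Figure 24 transparent mode is an added example, not code from the application. The packet layout, the opcode value, the mode encodings and the state of the gate at reset are assumptions, since the text does not specify them, and the range check on the requested mode is an addition.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Modes named in the text; the numeric encodings are assumptions. */
enum mode { MODE_NONE, MODE_TRANSPARENT, MODE_SCAN, MODE_SWIPE,
            MODE_PRINT, MODE_MODEM, MODE_COUNT };

/* Hypothetical packet layout: the text does not define the wire format. */
enum msg_kind { MSG_DATA, MSG_COMMAND };
#define CMD_MODE_CHANGE 0x01u          /* hypothetical opcode */

struct pc_msg {
    bool complete;                     /* false while the packet is still arriving */
    enum msg_kind kind;
    uint8_t opcode, arg;               /* used when kind == MSG_COMMAND */
    uint8_t payload[16];               /* used when kind == MSG_DATA */
    size_t payload_len;
};

struct module {
    enum mode current_mode;            /* current mode register 1804 */
    enum mode previous_mode;           /* previous mode register 1806 */
    bool tmp_in_use;                   /* PC interface temporary buffer 1808 */
    uint8_t data_out[64];              /* data output buffer 1810 */
    size_t data_out_len;
    uint8_t command_reg;               /* command register 1812 */
    bool gate_closed;                  /* pb4 state: true = keyboard wired to PC */
    unsigned kbd_flushes;              /* keyboard buffer clears issued (step 2408) */
};

/* Figure 22: start in transparent mode with "no mode" as the previous mode. */
void module_init(struct module *m)
{
    memset(m, 0, sizeof *m);           /* assumption: gate open until step 2410 */
    m->current_mode = MODE_TRANSPARENT;
    m->previous_mode = MODE_NONE;
}

/* Figure 23: returns true when a mode change was latched. */
bool on_pc_interrupt(struct module *m, const struct pc_msg *msg)
{
    bool changed = false;
    m->tmp_in_use = true;                                  /* step 2304 */
    if (!msg->complete)
        return false;                  /* partial packet: back to the main loop */
    if (msg->kind == MSG_DATA) {                           /* step 2310 */
        size_t room = sizeof m->data_out - m->data_out_len;
        if (msg->payload_len <= sizeof msg->payload && msg->payload_len <= room) {
            memcpy(m->data_out + m->data_out_len, msg->payload, msg->payload_len);
            m->data_out_len += msg->payload_len;
        }                              /* oversized data is dropped, not truncated */
    } else if (msg->opcode == CMD_MODE_CHANGE) {           /* step 2312 */
        /* Added check: refuse mode values the firmware does not implement. */
        if (msg->arg > MODE_NONE && msg->arg < MODE_COUNT) {
            m->previous_mode = m->current_mode;            /* step 2314 */
            m->current_mode = (enum mode)msg->arg;         /* step 2318 */
            changed = true;
        }
    } else {
        m->command_reg = msg->opcode;                      /* step 2316 */
    }
    m->tmp_in_use = false;                                 /* step 2320 */
    return changed;
}

/* Figure 24: flush stale keystrokes once, then reconnect keyboard and PC. */
void transparent_mode(struct module *m)
{
    if (m->previous_mode != MODE_TRANSPARENT) {            /* step 2404 */
        m->kbd_flushes++;                                  /* step 2408 */
        m->previous_mode = MODE_TRANSPARENT;
    }
    m->gate_closed = true;                                 /* step 2410 */
}

/* Step 2106: every mode other than transparent keeps the keyboard isolated. */
void system_redirect(struct module *m)
{
    if (m->current_mode == MODE_TRANSPARENT)
        transparent_mode(m);
    else
        m->gate_closed = false;
}

int main(void)
{
    struct module m;
    struct pc_msg scan = { .complete = true, .kind = MSG_COMMAND,
                           .opcode = CMD_MODE_CHANGE, .arg = MODE_SCAN };
    module_init(&m);
    system_redirect(&m);               /* start-up: flush once, connect keyboard */
    on_pc_interrupt(&m, &scan);
    system_redirect(&m);               /* scan mode: keyboard isolated */
    return m.gate_closed ? 1 : 0;      /* 0 = isolated as expected */
}
```

The property to check in a design of this kind is that the gate state is derived from the current mode register alone, so that no command path leaves keyboard 206 connected to the PC while confidential data is being entered.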

Returning now to Figure 21, the system may also receive a command to enter
scan mode (step 2112), for example in response to a scan mode request from PC 110
(see step 806, Figure 8), whereupon processor 1212 causes module 214 to enter the
scan mode of operation (step 2114).

More particularly and referring now to Figure 25, scan mode 2114 generally
involves "scanning" the circuitry associated with keypad 1102 (Figure 14) to detect
data (e.g., PIN) entered into keypad 1102 by the user.

With continued reference to Figure 25, scan mode operation involves, inter
alia, initializing PIN entry buffer 1814 of RAM 1802 to empty (step 2502), to prepare
the PIN buffer to receive data which is about to be entered onto keypad 1102 by the
user.

The system detects whether a subsequent mode change command has been
received (step 2504); if so, the system returns to system redirect step 2104. If no
mode change has occurred, module 214 waits until a keypress is detected (step 2506)
or, alternatively, until a mode change is detected (step 2504).

More particularly, processor 1212 scans ports pb0-pb3 and ports pe0-pe2 (see
Figure 13) corresponding to rows 1-4 and columns 1-3 of keypad 1102, respectively
(see Figure 14). When a keypress is detected, the system determines if the depressed
key corresponds to one of the numbers 0-9 (step 2508); if so, module 214 suitably
sends a signal to PC 110 to cause a "dummy" indicia of the depressed key to screen
202 (Figure 2).

More particularly, the operational program stored in sector 1904 of ROM 1902
(Figure 19) of processor 1212 suitably includes an operating code which permits
module 214 to communicate with PC 110 in a manner which emulates the manner in
which conventional keyboards (e.g., keyboard 206) typically communicate with box
204. In a preferred embodiment of the present invention, the operating code
governing the operation of module 214 is suitably configured in accordance with any
suitable protocol, for example the protocol employed by IBM in its PCs or any other
suitable derivative or variant thereof, to thereby permit module 214 to communicate
with box 204 in a manner which emulates conventional communication between
keyboard 206 and box 204; data transmission and other communication between
module 214 and box 204 may be conveniently and efficiently carried out in a manner
which is essentially transparent to box 204; that is, when box 204 receives data and/or
information from module 214, box 204 interprets the data just as though box 204 had
received it from keyboard 206. Similarly, when box 204 transmits data and/or
information which is received by module 214, box 204 configures the
data/information packages in the same manner in which box 204 would normally
configure the data for receipt by keyboard 206. By leveraging presently known data
transmission protocols in this manner, module 214 may be conveniently interposed in
series between the keyboard and the keyboard port on the PC of essentially all PCs
which comport with industry recognized protocol schemes.

With continued reference to Figure 25, if a keypress corresponds to a 0 through
9, the system waits until the key is released (step 2518) before capturing the data. In
this way, the system desirably avoids capturing repetitive data which may often be
generated by many key pads which are specifically configured to continuously
generate repetitive keystroke data when a particular key is held down by the user.

Returning now to step 2508, if the keypress was not a 0 through 9, the system
determines if the keypress corresponds to an "Enter" (step 2512); if so, a message
corresponding to an "Enter" command is transmitted from module 214 to PC 110
(step 2514), indicating that entry of the confidential data (e.g., PIN) is complete. If,
on the other hand, the keypress does not correspond to an "Enter", the system
determines the identity of the keypress. In the context of the illustrated embodiment,
if the keypress does not correspond to a 0 through 9, and further does not correspond
to an "Enter", the system concludes that the keypress corresponds to a "Cancel" (step
2516). Thus, module 214 transmits a message to PC 110 indicating that entry of the
confidential data has been canceled by the user.

Upon release of the depressed key by the user (step 2518), the system
determines if the keypress corresponds to a 0 through 9 (step 2520); if so, the
particular numeric keypress is suitably stored in PIN entry buffer 1814 of RAM 1802
(step 2524), and the system returns to step 2504 to await the next keypress.

If the keypress corresponds to a "Cancel" (step 2522), the system restores PIN
entry buffer 1814 to empty (step 2528) and returns to step 2504 to await either a mode
change or a subsequent keypress.

If the keypress corresponds to an "Enter" ("yes" branch of step 2522), module
214 suitably encrypts the data stored in PIN entry buffer 1814 (step 2526), as
discussed in greater detail below in conjunction with Figure 26.

Although the illustrated embodiment is described in the context of numeric (i.e.,
"0" through "9") PIN data, it will be appreciated that the confidential data entered into
module 214 may be of any suitable form, e.g., numeric, alpha, alphanumeric, ASCII,
binary, or any other suitable modality.
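
The scan mode of Figure 25 can be modelled as follows; this is an added example in C, not code from the application. The key layout, the 12-digit buffer capacity, the characters used for the dummy indicia and the Enter and Cancel messages, and the handling of a full buffer are assumptions, and the sample input is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PIN_MAX 12                     /* assumed capacity of PIN entry buffer 1814 */

/* Assumed layout: rows on pb0-pb3, columns on pe0-pe2 (Figure 14 is not in the text). */
static const char KEYMAP[4][3] = {
    {'1', '2', '3'}, {'4', '5', '6'}, {'7', '8', '9'}, {'C', '0', 'E'}
};

struct scan_state {
    char pin[PIN_MAX + 1];             /* PIN entry buffer 1814, never sent to the PC */
    size_t pin_len;
    char held;                         /* key currently down, 0 when none */
    char to_pc[64];                    /* every byte the module sends toward the PC */
    size_t to_pc_len;
    bool ready_to_encrypt;             /* Enter released: step 2526 would follow */
};

/* Index of the only set bit in mask, or -1 when none or several are set. */
static int single_bit(unsigned mask)
{
    int i = 0;
    if (mask == 0 || (mask & (mask - 1)) != 0)
        return -1;
    for (; !(mask & 1u); mask >>= 1)
        i++;
    return i;
}

/* Decode one scan of the matrix; simultaneous keys are rejected as ambiguous. */
char decode_key(uint8_t rows, uint8_t cols)
{
    int r = single_bit(rows & 0x0Fu);
    int c = single_bit(cols & 0x07u);
    return (r < 0 || c < 0) ? 0 : KEYMAP[r][c];
}

void scan_init(struct scan_state *s)                       /* step 2502 */
{
    memset(s, 0, sizeof *s);
}

/* Feed one sample of the row and column lines (steps 2506-2528). */
void scan_sample(struct scan_state *s, uint8_t rows, uint8_t cols)
{
    char key = decode_key(rows, cols);
    bool digit;
    if (s->ready_to_encrypt)
        return;
    if (s->held == 0) {                                    /* waiting for a press */
        digit = key >= '0' && key <= '9';                  /* step 2508 */
        if (key == 0 || (digit && s->pin_len >= PIN_MAX))
            return;                    /* nothing pressed, or buffer full (assumption) */
        if (s->to_pc_len + 1 < sizeof s->to_pc)            /* keep the final NUL */
            s->to_pc[s->to_pc_len++] = digit ? '*' : key;  /* never the digit itself */
        s->held = key;
        return;
    }
    if ((rows & 0x0Fu) || (cols & 0x07u))
        return;                        /* still held: ignore auto-repeat (step 2518) */
    key = s->held;                                         /* key released */
    s->held = 0;
    if (key >= '0' && key <= '9') {
        s->pin[s->pin_len++] = key;                        /* step 2524 */
    } else if (key == 'C') {                               /* step 2528 */
        volatile char *p = s->pin;     /* volatile so the wipe is not optimized away */
        for (size_t i = 0; i < sizeof s->pin; i++)
            p[i] = 0;
        s->pin_len = 0;
    } else {
        s->ready_to_encrypt = true;    /* Enter: encryption step 2526 follows */
    }
}

/* Constructed input: hold each key for three samples, then release it. */
void demo_entry(struct scan_state *s, const char *keys)
{
    scan_init(s);
    for (; *keys; keys++)
        for (int i = 0; i < 12; i++)
            if (KEYMAP[i / 3][i % 3] == *keys) {
                for (int n = 0; n < 3; n++)
                    scan_sample(s, (uint8_t)(1u << (i / 3)), (uint8_t)(1u << (i % 3)));
                scan_sample(s, 0, 0);
            }
}

int main(void)
{
    struct scan_state s;
    demo_entry(&s, "12C4567E");        /* two digits, Cancel, four digits, Enter */
    return strcmp(s.to_pc, "**C****E") != 0;
}
```

For the constructed sequence the PC-side log holds only the dummy indicia and the Cancel and Enter messages, while the digits 4567 remain in the module's PIN entry buffer for the encryption step.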

Referring now to Figure 26, the encryption operation 2526 suitably proceeds as
follows. Once the confidential data (e.g., PIN) is entered onto keypad 1102 by the
user, processor 1212 retrieves the data from personal account number register 1818 of
RAM 1802 and the PIN from buffer 1814 (step 2602). These data, alone or in
conjunction with other data, are suitably combined and encrypted in any suitable
manner (step 2602). In a preferred embodiment, these data may be suitably combined
in accordance with ANSI specification X9.24-1992. The data is suitably encrypted in
accordance with ANSI standard X3.92-1981 or any other desired encryption
technique. More particularly, the foregoing combination and encryption algorithms
are desirably resident in operational program sector 1904 of ROM 1902, and operate
in conjunction with encryption key information suitably stored in EEPROM 2002 (see
Figures 19 and 20). By storing the encryption key data in nonvolatile memory (i.e.,
EEPROM), system integrity and security is enhanced.

With continued reference to Figure 26, upon encrypting the data in accordance
with step 2602, the encrypted data is suitably written into the next successive location
in encrypted PIN sector 1816 of RAM 1802 (step 2604). Thereafter, the address
corresponding to the location in sector 1816 wherein the encrypted data is written is
transmitted to PC 110 (step 2606). More particularly, and with momentary reference
to Figure 2, once the data is encrypted within module 214, the location of the
encrypted data is transmitted to PC 110 via connector 212, such that unencrypted
confidential data need not be transmitted from module 214 to PC 110 in order to
effect a transaction.

After encrypting the data, processor 1212 suitably creates a new unique key for
use in a subsequent encryption process and stores the new key in future encryption key
sector 2004 of EEPROM 2002 (step 2608). In accordance with one aspect of the
present invention, the new encryption key may be generated in accordance with any
suitable scheme which is compatible with the encryption algorithm executed in step
2602. In accordance with a preferred embodiment, a new unique encryption key may
be generated in accordance with ANSI X9.24-1992.

Upon transmitting indicia of the encrypted data from module 214 to PC 110, PC
110 continues to execute the application program resident therein, as described
above in detail in connection with Figures 4-10.

Returning now to the main control loop 2100 of module 214 (Figure 21),
module 214 may also elect to enter card swipe mode 2118 (step 2116). More
particularly, and with momentary reference to Figure 7, PC 110 may request module
214 to enter the card swipe operational mode, for example at a point during the
execution of the application software resident in PC 110 where such application
software prompts the user to swipe his transaction card through card swipe slot 1104
of module 214 (Figure 11), for example as discussed above in connection with step
716.

Referring now to Figure 27, upon entering the swipe operational mode,
processor 212 suitably initializes (clears) respective swipe data input buffers 1820,
1822 of RAM 1802 (step 2702). The system then looks for a mode change (step
2704), and returns to system redirect state 2106 if a mode change is detected.
Otherwise, the system sets a swipe timeout counter to a predetermined maxtime
during which the transaction must engage the card reader (step 2706). In a preferred
embodiment, the predetermined value of this maxtime, on the order of 15 seconds, is
suitably stored in swipe time-out register 1824 of RAM 1802.

The time-out counter is successively decremented (step 2708) until the software
timer resident in sector 1824 reaches zero (step 2710), whereupon the data then
resident in buffers 1820, 1822 are transmitted to PC 110 (step 2714). Alternatively,
rather than waiting until the maxtime counter counts down to zero, the "swiped" data
may be transmitted to PC 110 when processor 1212 determines that respective input
buffers 1820, 1822 are full (step 2712).

Upon the first to occur of the timing out of the swipe timeout timer (step
2710) or a detection that the swipe input buffers are full (step 2712), the data within
card swipe buffers 1820, 1822 are transmitted to PC 110 (step 2714).

With momentary reference to Figures 12 and 16-17, recall that magnetic
strip reader circuit 1206 "reads" the data from the magnetic strip on a transaction card
through magnetic head reader 1602 (or magnetic head readers 1603(a), 1603(b) in
Figure 17) whereupon reader circuit 1206 applies an output signal (corresponding to
one or both of "ch 1 swipe" and "ch 2 swipe") to ports pa0 and pa1 of processor 1212,
respectively, as discussed in detail above.

More particularly and with reference to Figures 16 and 28, as a transaction card
bearing a magnetic strip is drawn through card reader slot 1104 (see Figure 11),
magnetic reader head 1602 outputs alternating high and low voltage levels
corresponding to the data encoded on the magnetic strip. Upon the detection of a first
output level from schmidt trigger 1612, for example a logic high value, a hardware
timer (not shown) resident in processor 1212 is stopped, and the time at which this
timer is stopped is suitably saved in swipe timer register 1826 of RAM 1802 (see
Figure 18) (step 2802). The card swipe timer is again reset to zero and restarted,
awaiting the detection of a next predetermined voltage level from schmidt trigger
1612 (step 2802).

In conjunction with the timer data retrieved in step 2802, processor 1212
determines if the output of schmidt trigger 1612 corresponds to a predetermined logic
state (e.g., a zero or a one) (step 2804). This logic data may then be stored in
successive bit locations in the appropriate swipe input buffer (e.g., buffer 1820, 1822)
(step 2804). The system then determines if the swipe input buffer(s) is full (step
2806). If the swipe input buffer is full, a buffer full flag is suitably set in swipe buffer
full flag register 1828 of RAM 1802 (Figure 18) (step 2808), which permits processor
1212 to determine when the swipe input buffer(s) is full (see step 2712, Figure 27).

Returning now to step 2806 of Figure 28, if the swipe input buffer(s) is not full,
the aforementioned software timer is reset to a maximum bit interval value (step
2810), and the process returns (step 2812) to the point at which it left the process set
forth in Figure 27, whereupon the process of Figure 28 is repeated on a bit-by-bit
interrupt basis until all the appropriate data is "read" from the magnetic strip on the
transaction card. Note, however, that the entire process of accumulating the card
swipe data occurs in a very short period of time, for example ten milliseconds to one
second, as a card is drawn through card reader slot 1104 (Figure 11).

Returning now to Figure 21, module 214 is also configured to enter print mode
2122 from main loop 2100 (step 2120), for example upon a request to do so from PC
110 (see step 816, Figure 8).

Referring now to Figure 29, print operation mode 2122 suitably entails
initializing the printer (step 2902), for example to establish various hardware and
software parameters associated with the printing process. In this regard, and as briefly
discussed above, the printer may be affiliated with PC 110, for example by connecting
a printer directly to box 204, or by connecting the printer to PC 110 via a suitable
networking configuration. Alternatively, the printer may interface directly with the
encryption module, for example at connector 310 of module 300 (Figure 3) or,
alternatively, at peripheral device module 1200 of module 214 as shown in Figure
12.

With continued reference to Figure 29, the system determines if a mode change
has occurred (step 2904) and, if so, returns to system redirect step 2906.

The system then determines if the data to be printed is currently available, for
example by interrogating data output buffer 1810 (Figure 18) (step 2908). If the data
is not available, the system returns to step 2902 to await the data to be printed. If the
data is available ("yes" branch of step 2908), the system determines if the printer is
ready (step 2930). In this regard, the printer to be checked will likely be connected to
module 214, inasmuch as it would not typically be necessary to execute print
operation 2122 if the printer were connected to PC 110. Stated another way, if PC
110 is equipped with a printer, the print operation may be controlled directly by PC
110, while the print operation as set forth in Figure 29 is appropriately controlled by
module 214 if the printer employed in the context of the present invention is
interfaced with module 214.

With continued reference to Figure 29, if the printer is not ready, module 214 
suitably sends a command to the PC indicating that the printer associated with module 
214 is not ready. In this regard, PC 110 may prompt the user to correct the printer
situation, for example as described above in conjunction with Figure 7. 

If the printer associated with module 214 is ready, the data resident in data
output buffer 1810 is transmitted to the printer, for example via serial bus 1211 (see
Figure 12). In accordance with the preferred embodiment, the data to be printed is
transmitted to the printer in serial fashion; hence, the process set forth in Figure 29 is
desirably repeated until the data present in data output buffer 1810 is sequentially
transmitted to the printer.

Returning now to main loop 2100 (Figure 21) and with reference to Figure 30,
module 214 is suitably configured to enter modem mode 2126 (step 2124), for
example in response to a request to do so from PC 110 (see step 710, Figure 7).

As briefly discussed above, the present invention may be configured to transmit
data and information from PC 110 to host computer 102 in any convenient manner,
for example via a modem associated with PC 110 or, alternatively, modem 1202
associated with module 214 (or modem connector 308 associated with module 300;
Figure 3). If data is transmitted from PC 110 via a modem associated with PC 110, it
would not generally be necessary for module 214 to execute modem operation 2126;
rather, the modem operation may be effectively carried out by PC 110. If, on the other
hand, modem operation is to be effected through a modem interfaced with module
214, it may be particularly advantageous for processor 1212 to control the modem
operation.

With continued reference to Figure 30, modem operation 2126 suitably entails
an initialization of modem 1202 (step 3002). Module 214 then determines if a mode
change has occurred (step 3004) and, if so, the system returns to system redirect 2106.
If a mode change has not occurred, the system determines if data output buffer 1810
contains the data to be transmitted via modem (step 3006). If the data is not resident
in buffer 1810, the system returns to step 3004 and continues cycling between steps
3004 and 3006 until the data is written into buffer 1810 or until a mode change
occurs.

When data output buffer 1810 contains the appropriate data to be transmitted
via modem, processor 1212 retrieves the data from output buffer 1810 and transmits the data
via modem to host computer 102 (step 3008). When it is desired for module 214 to
receive data via modem, for example from host computer 102, processor 1212 may be
suitably configured to retrieve the data from modem 1202, for example at modem
interrupt port pa2.

Referring now to Figure 31, PC 110 suitably transmits a request to module 214
to transmit data via the modem connected to module 214. More particularly, a
modem interrupt message is applied to port pa2 of module 1212 by modem 1202.
Module 214 then determines if the message corresponds to a "data received" interrupt
(step 3102) or a modem transmit interrupt (step 3104). If a data received interrupt
occurs ("yes" branch of step 3102), indicating that data has been received at modem
1202, the data received at modem 1202 is retrieved by processor 1212 and transmitted
to the PC via connector 212 (step 3106).

If the modem interrupt message corresponds to a modem transmit request (step
3104), processor 1212 retrieves the data to be transmitted from buffer 1810 and
applies the data, for example on a byte-by-byte basis, to modem 1202 (step 3108).

If the modem interrupt corresponds to neither a data received nor a data transmit
message, an error message is suitably sent to the PC (step 3110).

After data which is received at modem 1202 is retrieved and sent to PC 110
(step 3106), and after data is sent by processor 1212 from buffer 1810 to modem
1202 (step 3108), the system returns (step 3112) to the low level process of Figure 30,
and the process is repeated for each successive interrupt generated by modem 1202.

Referring now to Figures 21 and 32, module 214 may be suitably configured to
enter bar code operational mode 2130 (step 2128), for example in response to a
request to do so from PC 110. Bar code operation 2130 suitably entails determining
whether a mode change has occurred (step 3302) and, if so, returning to system
redirect step 2106. If a mode change has not occurred, data may be input from a
general purpose module 1210, for example a bar code reader (step 3204). Once the
bar code or other data is received by module 214, it may be appropriately transmitted
to PC 110, as desired (step 3206).

Referring now to Figures 21 and 33, module 214 may be suitably configured
to execute a smart card operation 2134 (step 2132), for example in response to a
request from PC 110 to do so. In this regard, although many of the various functional
features associated with module 214 (e.g., modem operation 2126, print operation
2122, swipe operation 2118, and the like) are initiated in response to a request from
PC 110 in accordance with the embodiment described herein, it will be appreciated
that the various operational states of module 214 may suitably be effected in any
desired manner, for example by entering appropriate commands directly into module
214.

With continued reference to Figure 33, smart card mode 2134 suitably entails
determining whether a mode change has occurred (step 3302) and, if so, returning to
system redirect step 2106.

If no mode change has occurred, the system determines if data is to be read from
a smart card (step 3304). In this regard, and as briefly stated above, such a request
may come from PC 110, or may be otherwise effected by the user, for example by
entering a particular code or depressing other buttons (not shown) on keypad 1102
(Figure 11).

If data is to be read from a smart card ("yes" branch of step 3304), data is
retrieved by processor 1212, for example via smart card reader 1208 (Figure 12).
Upon retrieving the data from the smart card, the data may be transmitted to PC 110
(step 3306).

As discussed above, module 214 may also be configured to write data into a
smart card. In this case, the appropriate data to be written into the smart card may be
suitably retrieved from data output buffer 1810 and applied to smart card circuit 1208
(steps 3308, 3310).

Referring now to Figures 21 and 34, module 214 and the PC application
software discussed above in conjunction with Figures 4-10 may be suitably
configured such that the application software resident in PC 110 must first validate
module 214 before permitting the transmission of encrypted data or otherwise
performing functions described herein. More particularly, in view of the importance
of maintaining security in the context of real time funds transfer authorization, it may
be desirable to permit PC 110 (e.g., through software) to confirm that module 214
embodies satisfactory security features before effecting transactions.

With continued reference to Figures 21 and 34, module 214 may be suitably
configured to enter a system validation mode 2138 (step 2136), for example in
response to a request from the user or from PC 110 to do so. System validation mode
2138 entails, inter alia, a determination of whether a mode change has occurred (step
3402) and, if so, the system may be configured to return to system redirect step 2106.

Module 214 may then be configured to receive and/or retrieve validation data
from PC 110, which validation data either confirms that the application software
running on PC 110 is compatible with module 214; alternatively, the validation data
may permit module 214 to run a self-check to determine if adequate security
mechanisms are in place. Module 214 may then confirm that it is compatible with the
software resident on PC 110 (step 3406). If the system determines that either module
214 or the application program running on PC 110 are not "valid" according to
predetermined validation criteria, module 214 may be configured to either disable
itself or to disable the software running on PC 110 (step 3408).

Referring now to Figures 21 and 35, module 214 may suitably be configured to
execute a bit operation 2142 (step 2140), for example in response to a request from
PC 110 or the user to do so.

Bit operation 2142 suitably determines if a mode change has occurred (step
3502) and, if so, returns the system to system redirect step 2106. If a mode change
has not occurred, module 214 may execute any number of built-in tests (bits) (step
3504), for example testing various data transmission and retrieval processes, testing
the presence and/or functionality of various peripheral devices, or executing the
various wraparound and/or auditing facilities set forth in Figure 1.

From time to time during the operation of PC 110, it may be desirable to
transmit encrypted data from module 214 to PC 110. With continued reference to
Figure 21 and referring also to Figure 36, module 214 may thus be configured to
selectively enter retrieval mode 2146 (step 2144), for example in response to a request
to do so from the user or from PC 110.

Retrieval mode 2146 suitably entails, inter alia, determining whether a mode
change has occurred (step 3602) and, if so, returning the system to system redirect
step 2106. If a mode change has not occurred, indicating that the system remains in
retrieval mode, module 214 waits for a request from PC 110 for the encrypted data,
which request may include the address in sector 1816 of RAM 1802 (Figure 18)
where the desired encrypted data is stored (step 3604). Upon receipt of a request from
PC 110 to transmit encrypted data, module 214 retrieves the encrypted data from an
appropriate location in memory (e.g., encrypted PIN holding area 1816), and sends the
encrypted data to PC 110 (step 3606). Upon doing so, processor 1212 may suitably
reset encrypted PIN holding area 1816 back to empty.
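
The retrieval step described above (steps 3604-3606), sketched in C as an added example that is not code from the patent: the PC names a slot in the holding area, the module bounds-checks that address, copies out the encrypted block, then resets the slot to empty so it cannot be read twice. The slot count, block size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (not from the patent): four 8-byte slots stand in for
 * encrypted PIN holding area 1816. */
#define HOLD_SLOTS     4u
#define HOLD_SLOT_SIZE 8u

enum hold_status {
    HOLD_OK       =  0,
    HOLD_BAD_ADDR = -1,  /* slot index outside the holding area */
    HOLD_BAD_BUF  = -2,  /* caller buffer missing or wrong size */
    HOLD_EMPTY    = -3   /* nothing stored, or already retrieved */
};

typedef struct {
    uint8_t data[HOLD_SLOT_SIZE];
    uint8_t full;        /* 1 while the slot holds an encrypted block */
} hold_slot_t;

static hold_slot_t holding_area[HOLD_SLOTS];

/* Clear through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Encryption path: park one already-encrypted block in a slot. */
int hold_store(unsigned slot, const uint8_t *enc, size_t len)
{
    if (slot >= HOLD_SLOTS) return HOLD_BAD_ADDR;
    if (enc == NULL || len != HOLD_SLOT_SIZE) return HOLD_BAD_BUF;
    memcpy(holding_area[slot].data, enc, HOLD_SLOT_SIZE);
    holding_area[slot].full = 1;
    return HOLD_OK;
}

/* Steps 3604-3606: serve one request from the PC.
 * Returns the number of bytes copied, or a negative hold_status. */
int retrieve_to_pc(unsigned slot, uint8_t *out, size_t out_len)
{
    /* The address arrives from the PC side, so treat it as untrusted. */
    if (slot >= HOLD_SLOTS) return HOLD_BAD_ADDR;
    if (out == NULL || out_len < HOLD_SLOT_SIZE) return HOLD_BAD_BUF;
    if (!holding_area[slot].full) return HOLD_EMPTY;

    memcpy(out, holding_area[slot].data, HOLD_SLOT_SIZE);
    /* Reset the holding area back to empty once the block has been sent. */
    wipe(&holding_area[slot], sizeof holding_area[slot]);
    return (int)HOLD_SLOT_SIZE;
}

int main(void)
{
    /* Constructed sample block; not real ciphertext. */
    const uint8_t blk[HOLD_SLOT_SIZE] =
        {0x3a, 0x91, 0x5c, 0x07, 0xe4, 0x2b, 0xd8, 0x60};
    uint8_t out[HOLD_SLOT_SIZE];

    hold_store(2, blk, sizeof blk);
    printf("first read:  %d\n", retrieve_to_pc(2, out, sizeof out));
    printf("second read: %d\n", retrieve_to_pc(2, out, sizeof out));
    printf("bad address: %d\n", retrieve_to_pc(7, out, sizeof out));
    return 0;
}
```
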

Referring now to Figures 37-39, various alternate embodiments of an
encryption module in accordance with the present invention are illustrated. In
connection with the embodiments shown in Figures 37-39, the concept of an
encryption module is expanded to include an encryption module configured to be
interposed between a PC and virtually any modality for inputting data to be encrypted,
for example a keypad for manually entering confidential data, a serial port for
receiving confidential data from virtually any electronic source, a smart card (or ICC)
reader, a magnetic stripe reader, a bar code reader, a voice recognition circuit, an IRIS
scanner, a finger print reader, thumb print reader, or palm print reader, a text scanner,
or virtually any other type of input device. In this regard, it will be appreciated that
the various input devices or hardware may be either integral with the encryption
module (i.e., formed as a unitary construction with the encryption module), or the
input devices may be connected to the encryption module via any secure medium. For
example, the data input device may be connected to the encryption module via a hard
wired communication link, an infrared (IR) connection, a radio frequency (RF)
coupled connection, or the like.

In accordance with a preferred embodiment, it is desirable to isolate the
communications link (either a hard wired link or otherwise) through which the data to
be encrypted travels from the data acquisition device to the encryption module, on the
one hand, from the generally non-proprietary data communications bus (e.g., universal
serial bus (USB)) which may facilitate communication between, inter alia, the
encryption module and the PC. In this way, the unencrypted data remains isolated
from the PC, rendering it nearly impossible to capture the unencrypted data from a
modem or other device which may interface with the PC and which is not authorized
to capture the unencrypted data. In the embodiment shown in Figures 37-39, it may
also be desirable to configure the encryption module to receive confidential data from
a remote source, for example from a credit card or a financial transaction
authorization host computer, via telephonic, cable or RF link. In accordance with yet
a further embodiment of the invention as illustrated in Figures 37-39, it may be
desirable to configure the encryption module to communicate with one or more
destinations for transmitting encrypted data, for example to a CRT, LCD or LED
monitor, a credit card or financial transaction authorization host, a printer, or to
another PC.

Finally, it may be desirable to configure the encryption module to capture
confidential data or information, and to transmit the unencrypted data to a local or
remote destination via a proprietary or otherwise secure communications link; as an
example, the encryption module may be configured to capture confidential data from,
for example, a smart card (ICC), and to transmit that data to a local printer, computer,
or other device for printing or viewing, i.e., by converting the unencrypted data from a
smart card, keyboard, etc. into an encrypted insignia, for example, a two-dimensional
bar code, or the like. This application may be particularly useful in the context of
printing an insignia, wherein it is desirable to capture non-encrypted data, transform
that data into encrypted printable data (e.g., graphic, character, bar code) and then
transmit the encrypted printable data to a printer, for example, to create a redeemable
coupon, admittance ticket or postage.

Finally, Figures 37-39 further illustrate applications of the subject encryption
module wherein the module is equipped to receive encrypted e-mail or other text data 
online, and to thereafter decrypt the information, for example to display information 
(e.g., on the associated PC) in a secure, off-line manner. 

In this regard, the encryption module will protect the confidential but
non-encrypted data from being intercepted by unauthorized persons that may be
monitoring the unsecure communications bus (e.g., USB, IEEE1394, or ADB).

Referring now to Figure 37A-C, an encryption module 3702 is suitably generally
analogous in function to that described in conjunction with Figures 1-36. In
particular, encryption module 3702 suitably includes circuitry for encrypting (and/or
decrypting) confidential data and information, for example by using encryption
algorithms, techniques, keys, and the like which are resident within non-volatile ROM
(i.e., EEPROM) or other secure data storage device comprising module 3702;
alternatively, encryption module 3702 may be configured to receive encryption
algorithms, techniques, and the like from a remote source, as discussed in greater
detail below.

With particular reference to Figure 37A, encryption module 3702 is suitably
configured with a connector 3704 for interfacing module 3702 with a desktop PC, a
laptop PC, or virtually any other type of computer or communications device. In
particular, a communications link 3704, for example an RS/232 compatible link, is
configured to interface with the serial port of a PC or laptop computer. Inasmuch as
this type of serial port typically communicates with a general PC databus (e.g., the
PC's USB), it is desirable to ensure that the confidential data is first encrypted by
module 3702 before being transmitted along link 3704 to the PC. Moreover, as
briefly discussed above and as discussed in greater detail below, the data to be
encrypted may be acquired by module 3702 in virtually any desired manner, for
example through the use of a data acquisition device which is integral with module
3702 or, alternatively, by way of a data acquisition device which is connected to
module 3702. In either case, the data to be encrypted may be acquired in virtually any
manner, for example through the use of a PIN pad, keyboard, voice recognition
circuit, scanner, magnetic stripe reader, smart card reader, external serial port (which
can be the same as or different from the port to which link 3704 is connected), or the
like.

The present invention also contemplates embodiments wherein module 3702 
comprises a PC peripheral device, for example a keyboard, mouse, scanner, pin pad, 
or other hardware device which may contain encryption capability. 

With continued reference to Figure 37, module 3702 (and particularly as shown
in Figure 37A) may be configured for connection to a keyboard port (e.g., a PS/2
port) of a conventional laptop computer, for example via communications link 3704.

Referring now to Figure 37B, module 3702 may suitably be equipped with one
or more PC connectors 3706 and/or one or more of peripheral device connectors 3708.
In accordance with a particularly preferred embodiment, connector 3706 may suitably
be employed to connect encryption module 3702 to a keyboard-type port on a
conventional desktop and/or laptop computer, for example a PS/2 port, ADB port,
parallel port, USB port, IEEE488-type port, or the like. In this regard, if the
encryption module is connected to the "keyboard" port of a laptop which already
comprises an integral keyboard, it may not be necessary to connect communications
link 3708 to any other device; indeed, it may be desirable to omit connector 3708
from the device entirely. In accordance with a further embodiment, even in situations
where the encryption module is connected to the keyboard port of a laptop device via
connector 3706, it may nonetheless be desirable to connect the encryption module to a
supplemental keyboard via connector 3708, as desired. In accordance with an
alternate preferred embodiment, the device shown in Figure 37B may be serially
interposed between a keyboard port (via connector 3706) and a peripheral device
(including but not limited to a keyboard) via connector 3708, for example in the
context of a conventional desktop computer. With continued reference to Figure
37B, whether in the context of a desktop or a laptop computer, connector 3708 may
facilitate the interaction between encryption module 3702 and virtually any type of
device for inputting confidential data, as described above.

Referring now to Figure 37C, an exemplary encryption module 3702 is suitably
equipped to interface with a USB bus, an IEEE1394 firewire bus, or other general
purpose bus of a PC via a connection 3710. For a more thorough discussion of
general purpose PC bus specifications, see Universal Serial Bus Specification,
produced by Compaq, Digital Equipment Corporation, IBM PC Company, Intel,
Microsoft, and Northern Telecom, rev. 9, dated March 31, 1995 and subsequent
revisions; see also Guide to the Macintosh Family Hardware, by Apple Computer
Inc., 2nd Ed. The entire disclosures of the foregoing documents are hereby
incorporated herein by this reference.

More particularly, although the module shown in Figure 37C may also be
equipped with a "keyboard" or serial-type connector as shown in Figures 37A and B,
a module is separately set forth in Figure 37C for attachment to USB or IEEE 1394
(firewire)-type buses to underscore the flexibility of the various attachment
modalities available for encryption module 3702. With continued reference to Figure
37C, respective input connections 3712, 3714, and 3716 may be employed to attach
the encryption module with one or more external devices, for example integral or
remote data acquisition devices, RF and IR couplers to printers, display devices, and
the like. Of course, one or more of these connections could also be employed in
conjunction with the embodiments shown in Figures 37A and B. One or more of
connections 3712-3716 may also employ USB or firewire-type protocols; however, it
may be advantageous to employ "protected" protocols for the non-encrypted inputs.

Referring now to Figure 38, a peripheral device 3802 suitably comprises a PC
peripheral, for example a PIN pad, keyboard, mouse, or similar data input device or,
alternatively, module 3802 may suitably comprise a stand-alone encryption module,
having one or more data input functions integral therewith and/or connectable thereto.
The module schematically shown in Figure 38 is a more generalized version of the
module shown in Figure 37. In particular, module 3802 suitably comprises one or
more connectors 3810, 3812, 3814 for connection to one or more pieces of hardware,
for example a PC or the like. In addition, one or more of links 3810-3814 may be
configured for connection to a high resolution video monitor using, for example, an
IEEE 1394 "fire wire" bus, or it may be configured for RF or IR communication with
other systems. In addition, module 3802 may suitably be configured to include one or
more of respective connectors 3816, 3818, 3820 (and so on) for connection to one or
more input peripherals (mouse, keyboard, scanner, voice input, etc.). In the context
of the present invention, virtually any communication link may be employed,
including any one or a combination of the following: standard PC or other keyboard
format; PS/2 format; Apple desktop bus (ADB); small computer system interface
(SCSI); RS/232; parallel port; USB; IEEE1394 (fire wire); infrared; RF; fiber optics;
PCMCIA; IDE; EIDE; SCSI; IEEE488, and the like.

Referring now to Figure 39, a more detailed schematic diagram of an
exemplary encryption module or peripheral device analogous to that discussed in
connection with Figures 37 and 38 will now be described.

An exemplary encryption module 3902 suitably comprises, in its simplest form,
an acquisition input 3904 and a PC connector 3926. As discussed above, acquisition
input circuit 3904 may suitably include one or more data input modalities (e.g., ICC,
keypad, magnetic stripe, and the like) which are integral with module 3902, connected
to module 3902 either remotely or locally, or both. PC connection link 3926 is
suitably configured to maintain communication between module 3902 and a desktop
computer, laptop computer, notebook computer, or any other computer, peripheral, or
other device to which it is desired to send encrypted data. Thus, connector 3926 may
comprise an RS/232 connector, a PS/2 connector, a USB connector, an IEEE 1394
(firewire) connector, or the like.

Various essential components of module 3902 are omitted from the drawing for 
clarity, such as a processor or microcontroller, ROM for executing operating code,
EEPROM for storing operating instructions, encryption software, and the like, RAM,
power supply, and the like. 

With continued reference to Figure 39, encryption module 3902 also suitably
includes an encryption engine 3924 to perform one or more different types of
encryption (e.g., DES, RSA, elliptical curve public/private key management) using
one or more encryption keys 3922 that are either resident and protected within
encryption module 3902 (e.g., ROM, EEPROM) or which may be derived or retrieved
by encryption module 3902, for example by communicating over one of the
communication links associated with module 3902 with a remote or local device
connected to the module. In the case where the keys are resident and protected within
module 3902, the module suitably includes means for protecting the keys, for
example, using interlocks which, when triggered by intruding or violating the device,
will erase the contents of the volatile memory or otherwise destroy encryption keys
3922 or derivatives thereof.
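
The key-protection interlock described above, sketched in C as an added example (not code from the patent): a tamper handler sets a sticky latch and overwrites the resident key and its derivatives, after which every key accessor fails closed. The key length, slot count and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN     8u   /* assumed: one single-length DES key */
#define MAX_DERIVED 4u   /* assumed number of derived-key slots */

typedef struct {
    uint8_t master[KEY_LEN];
    uint8_t derived[MAX_DERIVED][KEY_LEN];
    uint8_t n_derived;
    uint8_t loaded;
} key_store_t;

static key_store_t key_store;            /* stands in for encryption keys 3922 */
static volatile uint8_t tamper_latched;  /* sticky until the unit is re-provisioned */

/* Overwrite through a volatile pointer so the stores survive optimization. */
static void zeroize(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Provision the resident key. Refused once the interlock has fired. */
int keys_load(const uint8_t *master)
{
    if (tamper_latched || master == NULL) return -1;
    memcpy(key_store.master, master, KEY_LEN);
    key_store.n_derived = 0;
    key_store.loaded = 1;
    return 0;
}

/* Record a key derived from the master; returns its index or -1. */
int keys_add_derived(const uint8_t *k)
{
    if (tamper_latched || !key_store.loaded || k == NULL) return -1;
    if (key_store.n_derived >= MAX_DERIVED) return -1;
    memcpy(key_store.derived[key_store.n_derived], k, KEY_LEN);
    return key_store.n_derived++;
}

/* Interlock handler: latch first so no accessor can start after this
 * point, then destroy the master key and every derivative. */
void tamper_interlock(void)
{
    tamper_latched = 1;
    zeroize(&key_store, sizeof key_store);
}

/* Hand a key to the encryption engine. index < 0 selects the master key.
 * Fails closed after tamper or before provisioning. */
int keys_get(int index, uint8_t *out)
{
    if (tamper_latched || !key_store.loaded || out == NULL) return -1;
    if (index < 0) {
        memcpy(out, key_store.master, KEY_LEN);
        return 0;
    }
    if ((unsigned)index >= key_store.n_derived) return -1;
    memcpy(out, key_store.derived[index], KEY_LEN);
    return 0;
}

/* Audit helper: number of non-zero bytes still present in the key store. */
size_t keys_residual_bytes(void)
{
    const uint8_t *p = (const uint8_t *)&key_store;
    size_t i, n = 0;
    for (i = 0; i < sizeof key_store; i++)
        if (p[i]) n++;
    return n;
}

int main(void)
{
    /* Constructed sample keys; not real key material. */
    const uint8_t m[KEY_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    const uint8_t d[KEY_LEN] = {9, 10, 11, 12, 13, 14, 15, 16};
    uint8_t out[KEY_LEN];

    keys_load(m);
    keys_add_derived(d);
    printf("before tamper: get=%d residual=%lu\n",
           keys_get(0, out), (unsigned long)keys_residual_bytes());
    tamper_interlock();
    printf("after tamper:  get=%d residual=%lu\n",
           keys_get(0, out), (unsigned long)keys_residual_bytes());
    return 0;
}
```
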

Encryption module 3902 may further comprise one or more exemplary
connection links 3914, 3916, and 3918 (and so on) which may be connected to remote
(or local) devices for receiving information, some of which may be desirably
encrypted. In this way, confidential data may be obtained by module 3902, and
manipulated, stored, or otherwise utilized by module 3902, in a secure (e.g.,
proprietary) environment. Moreover, some or all of the confidential data received by
module 3902 may be encrypted, for example via encryption engine 3924, whereupon
the encrypted data may be transmitted to a PC or other device via communication link
3926.

In accordance with a further aspect of the present invention, additional
communication links 3928, 3930, and 3932 may be provided to permit encrypted data
to be transmitted to additional destinations. For example, it may be desirable to
connect one of links 3928-3932 to a local or remote printer, for example to permit the
printing of documents (e.g., tickets to sporting events, concerts, and the like) which
may comprise an encrypted portion, for example a two-dimensional bar code or other
insignia. Alternatively, one or more of links 3928-3932 may be RF coupled, or
connected in some other manner to an authorization network or other banking or
related financial network, for example to permit module 3902 to obtain
preauthorization or real-time authorization of a transaction while module 3902 is
simultaneously connected to a PC via communication link 3926.

More particularly, module 3902 may be conveniently configured to
communicate with a PC via communication link 3926. For example, while the user of
a PC is connected to the Internet, reviewing various possible financial or other
transactions, module 3902 may provide the ability to obtain transaction authorization
while permitting the user of the PC connected via connector 3926 to remain on-line.
For example, if the consumer is "shopping" on the Internet with his PC, and desires to
effect a financial transaction, the consumer may obtain authorization for the
transaction from a remote host via one of connectors 3928-3932. In this example, the
remote host may prompt the user to input a PIN or other confidential piece of
information, for example through an auxiliary speaker 3906, display 3908, or other
device associated with module 3902. The user may then enter the confidential data
through acquisition input circuit 3904 or, alternatively, through one or more data input
devices associated with connectors 3914-3918. Once the confidential data has been
entered into module 3902, authorization for the transaction may be obtained, while
maintaining a "fire wall" between the PC connected to connector 3926 and the
unencrypted data processed by module 3902. Once an authorization for the requested
transaction has been obtained, that authorization number may be transmitted to the PC
via connector 3926, and thereafter to the "merchant" with whom the consumer
proposed to transact business on the Internet or other "shopping" environment. In
accordance with a further aspect of this embodiment, the authorization number may be
digitally signed by the remote host with its private encryption key prior to sending it to
the encryption module. Accordingly, when the merchant receives the authorization
number from the user via the encryption module, the merchant can authenticate the
authorization number by checking or otherwise decrypting the digital signature.

Alternatively, a user may desire to obtain digital cash, digitally signed
documents, or other documents, data, or information which relate to a transaction or
an application with which the user is involved. For example, while the user is
operating his PC, which is connected to module 3902 via connector 3926, he may
desire to contact a financial institution or other entity via one of connectors 3928-3932
and perform the "encryption" function. For example, the user may enter data relating
to a credit card account, bank account, or other data into acquisition input circuit
3904, and thereby retrieve digital coins or other encrypted data or information from a
remote host, and thereafter use such encrypted data to perform an on-line or off-line
transaction by transmitting the encrypted data to the PC, via encryption engine 3924,
through connector 3926. In accordance with this aspect of the invention, the digital
coins or other encrypted data may be stored in the encryption module or in a smart
card for an unspecified amount of time prior to the user cashing in or otherwise using
the digital money or other data. It will be appreciated that the foregoing examples
may be implemented via standard phone lines, modem hardware, RF couplers, IR
coupling, data channels, or any other suitable modality. Indeed, it may be desirable to
connect module 3902 to two or more PCs via links 3926-3932, wherein a first PC can
be used to perform the on-line transaction, and the other PC may be used to obtain
authorization.

In addition, authorization, digital currency, and other data may be retrieved via a
local or remote peripheral device or system which communicates with module 3902
on the "unencrypted" side of the software fire wall, i.e., via one of communication
links 3914-3918, or through acquisition input circuit 3904.

With continued reference to Figure 39, a switch 3912 may suitably be
employed to connect one or more of communication links 3914-3918, and acquisition
input circuit 3904 to the PC via communication links 3926-3932. A suitable switch
may also be employed to select one or more of communication links 3926-3932.
Although the "switch" is schematically shown as a mechanical/electrical switch, it
will be appreciated that virtually any type or combination of hardware, software,
firmware, or hybrid switching and/or connecting modalities may be employed.

With continued reference to Figure 39, display 3908 may be conveniently
employed to permit the user to review various data fields in "clear text" format to
confirm the accuracy of a transaction. For example, the dollar amount of a transaction
could be displayed on the display device 3908 before a purchase is made to ensure
that the proper amount of the transaction has been entered. Indeed, virtually any data
or information may be displayed by module 3902 in any convenient modality (e.g.,
display 3908, speaker 3906, or the like), even if that information is of a confidential
nature, so long as the data is properly encrypted before being transmitted to the PC or
other device via connection links 3926-3932. In this way, the security of the
confidential data prior to encryption is upheld, inasmuch as access from the PC to
encryption module 3902 via communication links 3914-3918 is quite difficult, if not
impossible through known techniques.

With continued reference to Figure 39, a further embodiment of module 3902
suitably exhibits a "plug-and-play" capability. More particularly, software resident
within module 3902 suitably includes a plurality of software drivers advantageously
configured to identify and accommodate virtually any data input device, whether
integral with or connected to module 3902, which may be employed with the module.
In this way, off-the-shelf data acquisition devices (scanners, magnetic stripe readers,
smart card readers, and the like) may be purchased separately from module 3902, with
the consumer enjoying the plug-and-play capability provided by the various software
drivers which are preinstalled into module 3902.

Although the subject application has been described herein with reference to the
appended drawing Figures, it will be appreciated that the scope of the invention is not
so limited. Various modifications in the design and implementation of various
components and method steps discussed herein may be made without departing from
the spirit and scope of the invention, as set forth in the appended claims.






CLAIMS 

1. A remote processing system, located at a first site, for interfacing with a
host computer system located at a second site which is remote from said first site, the
host computer system being of the type which includes a host modem and which is
configured to facilitate financial transactions upon receipt from said remote
processing system of a data packet including an encrypted data field, said remote
processing system comprising:

a. a PC, comprising:

   (1) a first memory sector configured to store an interactive
       software program;

   (2) a first processor configured to execute said software
       program;

   (3) an input port configured to communicate with said first
       processor; and

   (4) a second modem configured to transmit said data packet
       from said PC to the host modem in accordance with said
       software program;

b. an input device; and

c. an encryption module connected in series between said input
   device and said input port, comprising:

   (1) a keypad;

   (2) a second processor configured to encrypt data entered
       onto said keypad; and

   (3) a data link configured to maintain communication
       between said encryption module and said PC input port.